Eddy Nigg (StartCom Ltd.) wrote: > This is a known shortcoming of FF2 and inherits higher risks then weak > keys. That's because if a certificate is revoked because of a weak key > it was most likely requested by the subscriber himself and he wouldn't > continue use of the weak key anyway.
But the MITM attacker could use it to impersonate the site, which is the whole point. > Hence this would make only sense if > CAs would revoke such certificate unilaterally. I don't think that's correct; see above. >> - Modify NSS/Firefox to detect weak sites > > I would cite privacy concerns with such a scenario. Like what? >> If we can get a fairly complete list of vulnerable sites >> > > How do you intend to find them? web-crawlers are not exactly rocket science. So the real question is: given an SSL handshake, how does one tell whether the site is vulnerable? I believe there are ways to detect this, based on other mails I've seen going through. >> - Publish a "CA hall of shame" >> > And what if a CA refuses to comment or provide this information? Provide what information? If there is a list of vulnerable sites, there is a corresponding list of CAs, since the site certificate says who the CA is. They can of course refuse to comment when someone says they're not doing their job (assuming that's the implication of such a "hall of shame"). That's their prerogative. ;) >> - Ship a Firefox 2 update with some built-in CRLs > > Again, see above that this makes only sense if an affected site owner > would refuse to replace the certificate because of somebody detected a > weak key. Again, I don't think that's correct. > Even if it doesn't sound so good, do nothing is the right thing to do I > think. That's the perspective of the CAs (including yourself), sure. We know that already. -Boris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
